CVE-2022-29588
high-risk
Published 2022-05-16
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.
Do I need to act?
-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Bizhub 226I Firmware
Bizhub 227 Firmware
Bizhub 246I Firmware
Bizhub 287 Firmware
Bizhub 306I Firmware
Bizhub 308 Firmware
Bizhub 308E Firmware
Bizhub 367 Firmware
Bizhub 368 Firmware
Bizhub 368E Firmware
Bizhub 4052 Firmware
Bizhub 458 Firmware
Bizhub 458E Firmware
Bizhub 4752 Firmware
Bizhub 558 Firmware
Bizhub 558E Firmware
Bizhub 658E Firmware
Bizhub 758 Firmware
Bizhub 808 Firmware
Bizhub 958 Firmware
Affected Vendors
References (4)
Third Party Advisory
http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Te...
Third Party Advisory
https://sec-consult.com/vulnerability-lab/
Third Party Advisory
http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Te...
Third Party Advisory
https://sec-consult.com/vulnerability-lab/
53
/ 100
high-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
25/34 · High